More than three weeks after US software firm Kaseya was hit by a massive ransomware attack, the software vendor has obtained a universal decryptor key. Swedish grocery chain Coop was among the first businesses affected by the attack. Overall, more than 1,500 businesses and public organizations had their computers seized by hackers. The Russia-linked REvil gang claimed responsibility for the attack, but the notorious group then disappeared from the internet. This left the Florida company without even the option of paying up in order to get decryptor keys. The issue now seems to have been resolved with the surprise appearance of the universal key required to decrypt all the files crippled in the attack.
The hack was so widespread that the group targeted not only Kaseya's clients but also the files of all their customers. The group did this by exploiting a bug in managed service provider software known as Virtual System Administrator, which resulted in a wave of devastation. Kaseya provides software services to companies that do not manage their own IT infrastructure.
Usually, in such ransomware attacks, the victims have two options: rebuild everything from backups or simply pay the ransom to regain access. In this case, the hackers demanded roughly USD 45,000 from individual businesses. REvil had initially demanded USD 70 million for a universal decryptor, and later brought this amount down to USD 50 million. But eventually the hackers vanished, leaving everyone stranded. They even took down their payment portal, so victims were not able to pay even if some of them wanted to.
But the company has now confirmed that it has obtained the universal key. According to a company spokesperson, Kaseya got a universal decryptor from a "trusted third party." However, the spokesperson refused to elaborate on how exactly they got it. "Our team is actively working with companies and organizations that were affected. We will soon share the information about how the universal key will be made available to all who need it." The spokesperson said that the company is working with antivirus firm Emsisoft to reach victims. The outreach program is already underway, and the company hopes to reach most of them in a very short span of time.
Emsisoft threat analyst Brett Callow said that they confirmed that the universal key is effective on files affected in the attack. "We are working with the software firm to provide all necessary support to its customers. The key is effective and we will help customers of Kaseya to access their files." However, experts believe that the number of victims who still need the key at this point may be relatively small. "It is good news that we finally have a universal key. It would definitely help some clients. But it is likely that it's too little too late. This is because all those who could have managed to rebuild their data through backups would have done it by now," Jake Williams, CTO of security firm BreachQuest, was quoted as saying in a report. But many victims of this global ransomware attack were organizations that preferred to outsource their IT needs, and hence it is very likely that they would not have any reliable backups.
While the development brings a sigh of relief for many, the larger concern about the ransomware threat remains. Before targeting Kaseya, the group shut down the food supply giant JBS. REvil is known for using ransomware against big companies, and other such groups are active as well. Earlier, another notorious group, known as Darkside, targeted Colonial Pipeline and cut off a large portion of the East Coast's fuel supply.